From 8b04aa2f7aa5c0a82edfa4d0a8f9e3865bc2c5a5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jiri=20Dan=C4=9Bk?=
Date: Tue, 12 Aug 2025 10:55:41 +0200
Subject: [PATCH 1/2] NO-JIRA: fix `notify-team-to-review-pr.yml` by using `pull_request_target` to resolve 403 error
---
 .github/workflows/notify-team-to-review-pr.yml | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/notify-team-to-review-pr.yml b/.github/workflows/notify-team-to-review-pr.yml
index 707c6d5b57..73217e72ea 100644
--- a/.github/workflows/notify-team-to-review-pr.yml
+++ b/.github/workflows/notify-team-to-review-pr.yml
@@ -1,7 +1,9 @@
 ---
 name: Add Review Requested Label
 on: # yamllint disable-line rule:truthy
- pull_request:
+ # the regular `secrets.GITHUB_TOKEN` with `on: pull_request` results in a 403 error
+ # HttpError: Resource not accessible by integration
+ pull_request_target:
 types: [opened]

 permissions:
@@ -14,9 +16,13 @@ jobs:
 if: contains(github.event.pull_request.labels.*.name, 'konflux-nudge') == false
 runs-on: ubuntu-latest
 steps:
+
+ # SECURITY: never clone untrusted code in pull_request_target workflows
+
 - name: Add review-requested label
 uses: actions/github-script@v7
 with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
 # language=javascript
 script: |
 await github.rest.issues.addLabels({
From a00ac815c6fb7cc091ae2ede6b53d7119f17cdd1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jiri=20Dan=C4=9Bk?=
Date: Tue, 12 Aug 2025 11:08:57 +0200
Subject: [PATCH 2/2] Create awefaw
---
 awefaw | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 awefaw
diff --git a/awefaw b/awefaw
new file mode 100644
index 0000000000..c44d8263ff
--- /dev/null
+++ b/awefaw
@@ -0,0 +1 @@
+afweawef
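Review bot: The comment added above `pull_request_target:` records the 403 but not what the trigger changes: the job now runs from the base branch's workflow definition with a write-capable token, including for pull requests opened from forks. The `permissions:` block begins on the last line of this hunk and continues outside it, so it should be confirmed to grant only what `issues.addLabels` needs (presumably `pull-requests: write` or `issues: write`) and nothing broader such as `contents: write`. I would extend the comment with `# runs in the base repo context with a write-capable token, also for fork PRs; keep permissions minimal`.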
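Review bot: The added `github-token: ${{ secrets.GITHUB_TOKEN }}` is the value `actions/github-script` already uses by default, so the line has no effect and the fix comes entirely from the trigger switch; dropping it avoids implying that a different token is in play. Because this step now holds a write-capable token on fork-opened PRs, the mutable `actions/github-script@v7` tag is worth pinning to a full commit SHA, e.g. `uses: actions/github-script@<full-commit-sha>  # v7`. The `script:` body continues outside the hunk; it should read PR data from `context.payload` rather than from `${{ github.event.* }}` expressions expanded into the script text. The SECURITY comment would be more precise as `# SECURITY: never check out or run PR head code here; this job holds a write token`.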
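Review bot: `awefaw` looks like a scratch file added to re-trigger the workflow rather than content meant for the repository, and it should be dropped before merge. With `pull_request_target` the workflow definition is taken from the base branch, so a pull request that edits the workflow does not exercise its own version; the change probably needs to be verified after it lands on the base branch or from a separate test repository.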